RFID and Your Passport

I must have been sunning myself at the beach this August when the announcement was made by the U.S. State Department that it began shipping passports with an RFID tag implanted.

The U.S. government began shipping the passports starting with their Colorado Passport Agency this past August. To my knowledge, very little fanfare was made of this (but remember, I may have been at the beach) and there is no additional information provided as to when this will be rolled out to other agencies. The State Department’s press release simply states that the rollout will include other passport agencies “over the next few months” and that it will include all agencies by the end of 2007.

To quote their press release, “Consistent with globally interoperable specifications adopted by the International Civil Aviation Organization (ICAO), this next generation of the U.S. passport includes biometric technology.” (WhatEVER that means!)

While this implementation may seem innocuous enough since the imbedded tag includes nothing more than the info already contained in the passport itself, consider the security liability.

Tests have been conducted that show that this information can be read by third parties if the passport is open even slightly. In a demonstration, Flexilis, a company that secures mobility, shows in a video that the reading of this information can easily be used for terrorist purposes. If an RFID hacker can remotely “see” that you are an American from your passport, a bomb could be set to explode as you pass by, injuring or killing anyone in the vicinity. A Dutch study showed that hackers were able to “skim” the RFID information from a Dutch passport.

The Department of State maintains that the purpose of the RFID tag is to improve border security and to help facilitate travel and that passports are secure if they are left completely closed.